
Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool

Anthropic recently announced Project Glasswing, an initiative that enables tech companies like Apple to use its new frontier AI model Claude Mythos Preview to find security vulnerabilities across operating systems and web browsers.


The Wall Street Journal today reported that researchers at cybersecurity firm Calif used Claude Mythos Preview to uncover a new macOS security vulnerability last month. Specifically, they used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit.

The security researchers said the exploit would not have been possible with Mythos alone, as it still required their human expertise on top, but it nevertheless proves that AI can assist with discovering software vulnerabilities.

Apple said it was reviewing Calif's report to validate the findings.

"Security is our top priority, and we take reports of potential vulnerabilities very seriously," an Apple spokesperson told The Wall Street Journal.

It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability, and it credits Calif and Anthropic for discovering it. Yet, the report said that Calif only met with Apple this week and suggested that a fix was still coming.

We have reached out to Apple for comment.

This article, "Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool" first appeared on MacRumors.com


Apple Warns Canada's Bill C-22 Could Force Encryption Backdoors

Apple and Meta have opposed a Canadian bill that the companies say could force them to create backdoor access to encrypted user data, should it pass through the country's parliament.


Proposed by Canada's ruling Liberal Party, Bill C-22 contains provisions that could be similar to a UK data access provision order sent to Apple last year, depending on how they are implemented.

Back in February 2025, the British government demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud. Apple refused, and instead pulled its Advanced Data Protection iCloud feature from the United Kingdom.

U.S. officials later said Britain had dropped the request after the director of national intelligence, Tulsi Gabbard, raised concerns that it could violate a cloud data treaty and tap into US citizens' data.

Apple now finds itself in a similar standoff across the Atlantic. Canadian law enforcement officials say Bill C-22 would help them investigate security threats earlier and act more quickly. But Apple has pushed back against the proposed legislation. The company provided Reuters with the following statement:

"At a time of rising and pervasive threats from malicious actors seeking access to user information, Bill C-22, as drafted, would undermine our ability to offer the powerful privacy and security features users expect from Apple. This legislation could allow the Canadian government to force companies to break encryption by inserting backdoors into their products – something Apple will never do."
Meta also argued that the bill contained "sweeping powers, minimal oversight, and lack of clear safeguards" that could end up making Canadians less safe, rather than more.

Apple CEO Tim Cook has consistently insisted that providing back-door access past its encryption for authorities would open the door for "bad guys" to gain access to its users' data. Cyber security experts agree that it would only be a matter of time before bad actors discover such a point of entry. Apple's stance was enhanced in 2016 when it successfully fought a US order to unlock the iPhone of a shooter in San Bernardino, California.

The Canadian bill is currently being debated in the House of Commons.
This article, "Apple Warns Canada's Bill C-22 Could Force Encryption Backdoors" first appeared on MacRumors.com


Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022.


"We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device," an Apple spokesperson told TechCrunch.

Lockdown Mode is available on the iPhone, iPad, and Mac, and dramatically restricts certain system features that are commonly exploited by mercenary spyware. When enabled, it blocks most message attachment types, disables certain complex web technologies, and prevents devices from automatically joining non-secure Wi-Fi networks, among other restrictions. Apple designed the feature specifically to protect high-risk users such as journalists, activists, lawyers, and others who may be personally targeted by sophisticated nation-state-level attacks.



Donncha Ó Cearbhaill, head of the security lab at Amnesty International, said he and his colleagues "have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack." Digital rights organizations including Amnesty International and the University of Toronto's Citizen Lab have documented numerous successful spyware attacks on iPhone users over the years, but none have involved a bypass of Lockdown Mode.

Citizen Lab researchers have confirmed at least two cases where Lockdown Mode actively blocked spyware attacks, with one involving NSO Group's Pegasus and another involving Predator spyware, made by a company now part of Intellexa. Google researchers found that spyware was coded to abort its infection attempt if it detected Lockdown Mode was active, apparently to avoid leaving traces that could expose the attack.

Patrick Wardle, an Apple cybersecurity expert, told TechCrunch, "I think it's safe to say, Lockdown Mode is one of the most aggressive consumer-facing hardening features ever shipped."
This article, "Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked" first appeared on MacRumors.com


Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier

Apple has begun pushing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks.


The alerts, which appear as a "Critical Software" notification from the Settings app, warn that Apple "is aware of attacks targeting out-of-date iOS software, including the version on your iPhone," and urge users to install a critical update to protect their device. The notifications are being seen on devices running a range of older iOS versions, including iOS 17.0, far beyond the iOS 13 and iOS 14 devices that Apple specifically flagged in its support documentation.

In the documentation, Apple highlighted recent reports about hacking tools that are effective against older versions of iOS. Hackers are using iOS exploit kits known as "Coruna" and "DarkSword," which can take advantage of vulnerabilities in iOS 13 through to iOS 17.2.1. Clicking a malicious link or visiting a compromised website on an unpatched device could result in data being stolen.

"If your iPhone doesn't have the latest software, update iOS to protect your data," Apple says. Users can update by going to Settings, General, and Software Update.

Apple released iOS 15.8.7 and iOS 16.7.15, along with corresponding iPadOS versions, on March 11 to address security vulnerabilities associated with the Coruna exploit kit. Devices running the latest updated versions of iOS 15 through iOS 26 are already protected, while devices on iOS 13 or iOS 14 must update to iOS 15 to receive these protections.

Apple has patched the vulnerabilities as they have come to light over the last several months, so users who have already upgraded to the newest version of iOS available for their iPhone are protected from the malicious websites and links that are circulating right now. Apple Safe Browsing in Safari is enabled by default and blocks the malicious URL domains identified in the attacks.

Users who are unable to update should consider enabling Lockdown Mode, if available, to protect against malicious web content. Lockdown Mode is available on iOS 16 and later.

This article, "Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier" first appeared on MacRumors.com


iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature

Apple has added a "groundbreaking" new memory security feature to its new iPhone 17 lineup called Memory Integrity Enforcement (MIE), which the company describes as "the most significant upgrade to memory safety in the history of consumer operating systems."


The new security feature targets spyware tools like Pegasus that exploit vulnerabilities to hack targeted devices. According to Apple, MIE provides comprehensive, always-on memory-safety protection covering the kernel and over 70 userland processes, built on the Enhanced Memory Tagging Extension (EMTE).

The new feature is supported by the new A19 and A19 Pro chips found across the iPhone 17 lineup as well as the iPhone Air. Apple says it has also added memory safety improvements for older hardware that doesn't support the new memory tagging features. In addition, Apple is making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that the company released earlier this year during WWDC.

The approach includes mitigation for Spectre V1 attacks that Apple claims works with "virtually zero CPU cost," addressing performance concerns that have plagued similar security features in the past. Apple says these changes make "mercenary spyware" significantly more expensive to develop, and present a major challenge to the surveillance industry.
"Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products."
For in-depth information about the new MIE security feature, readers should refer to Apple's Security Research blog.

This article, "iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature" first appeared on MacRumors.com


UK Still Demanding Global Access to iCloud User Data, Filings Suggest

The UK government's secret demand for Apple to create backdoor access to encrypted user data was far broader than previously known, reports the Financial Times. British officials didn't just want to break Apple's Advanced Data Protection feature, but sought to tap a swathe of standard iCloud services used by millions worldwide.


New court filings published on Wednesday by the Investigatory Powers Tribunal (IPC) show the Home Office's technical capability notice (TCN) "is not limited to" Apple's Advanced Data Protection feature, reports the FT. The order also included requirements for Apple to "provide and maintain a capability to disclose categories of data stored within a cloud-based backup service," suggesting the UK wanted access to backed-up messages and passwords.

Perhaps most significantly, the court document states that "the obligations included in the TCN are not limited to the UK or users of the service in the UK; they apply globally in respect of the relevant data categories of all iCloud users."

The revelation comes after Trump administration officials claimed last week that the UK had agreed to drop its encryption demands following pressure from the U.S. director of national intelligence Tulsi Gabbard and vice president JD Vance. However, the new filing suggests the Home Office has yet to formally modify or rescind its global data access demands.

Apple withdrew its Advanced Data Protection (ADP) feature from UK customers in February after receiving the secret government order, but the court documents imply this was only the tip of the iceberg. ADP provides end-to-end encryption for additional iCloud categories like Photos, Notes, and device backups, while standard iCloud already encrypts data in transit and at rest but allows Apple to access it with proper legal requests.

The case is arguably the most significant encryption battle since Apple's 2016 fight with the FBI over unlocking the San Bernardino shooter's iPhone. Apple has consistently maintained that creating backdoors would compromise security for all users and inevitably be exploited by malicious actors.

The IPC will hear Apple's legal challenge in open court early next year, although the UK government refuses to confirm or deny the existence of the Home Office order. The court has agreed to proceed based on "assumed facts" to avoid participants violating the Official Secrets Act.

One person familiar with the case told FT they were "still very concerned this is still going on," despite public statements from U.S. officials about the UK backing down.
This article, "UK Still Demanding Global Access to iCloud User Data, Filings Suggest" first appeared on MacRumors.com
